Question details

Ethernet Security for Control Network 800XA

Security for control net system 800xA

HelloI have a small 800xA system and a seperate control and server network. On one end of my control network I have a radio link to an external site and controller. I have need to tie into another meter down at the sight (Non ABB). This data would pass along the radio link along with the controller communications and then split off and travel to another subnet. I'm of course a little concerned and am looking for some best practices to ensure that nothing happens to my control network. Right now my system has no outside world access.ThanksKeith

It is WiFi connection... basically just an extension of the standard ethernet cable but over radio link. The Protocol that the take-off is using is just standard TCIP and very small packets. Just a quick meter reading every hour... nothing major.

Wi-Fi is the worst possibility for implementation so easy metering (regarding security implemenattion).
If you want to integrate wi-fi link (according standards and "best practices"), you will need radius server in DMZ zone, firewall, separate station (for client connection) and installed SW packages to mitigate intrusion (scanning connected communication link with tools to analyze security issues), IT guy who understand / diagnose link on-line. Above solution is quite expensive (normally is used for system interconnection to remote nodes or several systems integration to "multi-system" solution.
Try to use any easier way - i.e. via serial link or any other interface which is directly connected to controller communication module (bypass ethernet HMI/controller networks). In worst case / issue you will receive incorrect data only. There is possible to use wireless link to interconnect data via i.e. ModBusTCP/IP (depend on available protocol on device side).

The Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. The purpose of IPsec Configuration Tool is not primarily to encrypt the communication, but to ensure through strong authentication, that only legitimate nodes connect to the 800xA System. The IPsec Configuration Tool, allowing secure communication, can also exempt the nodes which are outside the 800xA System or the nodes that are not the Domain members.